CLAIMS 



1. A method of making instructions of an
electronic portable object XμP secure, which object is
executing a program P supplied by a non-secure other
electronic object XT in the form of a succession of F
instructions, F thus denoting the number of
instructions of said program P, said method using:

- a secret-key protocol co-operating with an
ephemeral secret key K;

- a symmetrical cryptographic MAC function μ_K
co-operating with a hash function HASH_1 defined by a
compression function H_1 and a constant IV_1, and with a
hash function HASH_2 defined by a compression function H_2
and a constant IV_2; and

- a program identifier ID stored in the
electronic object XμP and corresponding to hashing
of P;

said method being characterized in that said
public-key protocol comprises the following stages:

a) an initialization stage during which the XμP
generates an ephemeral key K, then receives from the XT
the set of programs P, the number of instructions F and
its identifier ID, computes the hash h of said program
P with the HASH_1 function, by using the compression
function H_1 and the constant IV_1, and finally generates
signatures σ_i, by means of the μ_K function and of the
key K, which signatures σ_i it transmits to the XT;

b) an execution phase during which the XμP checks
that h and ID are equal, also verifies that ID is
stored in its non-volatile memory, and then requests,
one after the other, the instructions of P so as to
execute them, and, for some of them, performs a
sub-stage of verification that consists in requesting a
signature σ, constructed on the basis of the signatures
σ_i generated during the initialization stage and by
means of the HASH_2 function, and in verifying said
signature σ;

c) a reaction stage that takes place whenever a
signature σ is not valid.

2. A method of making instructions of an
electronic portable object secure according to claim 1,
characterized in that the sub-stage of verification in
the execution stage is verification of the signature σ
taking place prior to execution of each instruction.

3. A method of making instructions of an
electronic portable object secure according to claim 2,
characterized in that the execution stage comprises the
following sub-stages:

b-1) the XμP requests an instruction from the XT;

b-2) the XμP requests a signature σ constructed
on the basis of the signatures σ_i generated during the
initialization stage and by means of the HASH_2 function,
and, in the event that said signature σ is not valid,
executes the reaction stage; and

b-3) the XμP executes the instruction and returns
to the sub-stage b-1.

4. A method of making instructions of an
electronic portable object secure according to claim 1,
characterized in that the sub-stage of verification in
the execution stage is verification of the signature σ
taking place prior to execution of the instruction, if
said instruction is an instruction that is critical for
security.

5. A method of making instructions of an
electronic portable object secure according to claim 4,
characterized in that the execution stage comprises the
following sub-stages:

b-1) the XμP requests an instruction from the XT;

b-2) if said instruction is critical for
security, the XμP requests a signature σ constructed on
the basis of the signatures σ_i generated during the
initialization stage and by means of the HASH_2 function,
and, in the event that said signature σ is not valid,
executes the reaction stage; and

b-3) the XμP executes the instruction and returns
to the sub-stage b-1.

6. A method of making an electronic portable 
object secure according to claim 1, characterized in 
that the sub-stage of verification in the execution 
stage is verification of the signature σ taking place
prior to execution of the instruction if said 
instruction is an instruction that is critical for 
security, and if at least one of the items of data used 
for said instruction is a secret item of data. 

7. A method of making instructions of an
electronic portable object secure according to claim 6,
characterized in that it uses a variable Φ defining the
set of security levels defined at a given instant by
execution of a given program P, and in that the
execution stage comprises the following sub-stages:

b-1) the XμP requests an instruction from the XT;

b-2) if said instruction is critical for security
and if at least one of the items of data used by the
instruction is secret, then the XμP requests a
signature σ constructed on the basis of the signatures
σ_i generated during the initialization stage and by
means of the HASH_2 function, and, in the event that said
signature σ is not valid, executes the reaction stage;
and

b-3) the XμP executes the instruction, updates
the security level (secret or non-secret data) of each
of the items of data coming from the execution, and
returns to the sub-stage b-1.

8. A method of making instructions of an
electronic portable object secure according to claim 7,
characterized in that it uses a variable Φ defining the
set of security levels defined at a given instant by
execution of a given program P, in that it uses an
Alert Boolean function, and in that the execution stage
comprises the following sub-stages:

b-1) the XμP requests an instruction from the XT;

b-2) if said instruction is critical for security
and if the Alert Boolean function determined on the
basis of the security level of the data used by the
instruction and by the nature of the instruction itself
is evaluated as TRUE, then the XμP requests a signature
σ constructed on the basis of the signatures σ_i
generated during the initialization stage and by means
of the HASH_2 function, and, in the event that said
signature σ is not valid, executes the reaction stage;
and

b-3) the XμP executes the instruction, updates
the security level (secret or non-secret data) of each
of the items of data coming from the execution, and
returns to the sub-stage b-1.

9. A method of making instructions of an
electronic portable object secure according to claim 1,
characterized in that it uses a HASH_3 function defined
by a compression function H_3 and a constant IV_3, and in
that the program P is supplied in the form of a
succession of G sections or blocks of instructions, G
thus denoting the number of sections of said program.

10. A method of making instructions of an
electronic portable object according to claim 9,
characterized in that said protocol comprises the
following stages:

a) an initialization stage during which the XμP
generates an ephemeral key K, then receives from the XT
the entire set of the program P, its number of sections
G and its identifier ID, computes the hash h of said
program P with the HASH_1 function, by using the
compression function H_1 and the constant IV_1, and with
the HASH_3 function, by using the compression function H_3
and the constant IV_3, and finally generates signatures
σ_j, by means of the μ_K function and of the key K, which
signatures σ_j it transmits to the XT;

b) an execution phase during which the XμP checks
that h and ID are equal, also verifies that ID is
stored in its non-volatile memory, and then requests,
one after the other, the sections of P so as to execute
them, and, for some of them, performs a sub-stage of
verification that said sections comply, and then
finally, for the final instruction of certain sections,
performs a sub-stage of verification that consists in
requesting a signature σ, constructed on the basis of
the signatures σ_i generated during the initialization
stage and by means of the HASH_2 function, and in
verifying said signature; and

c) a reaction stage that takes place whenever a
signature σ is not valid or whenever a section does not
comply.

11. A method of making instructions of an
electronic portable object secure according to claim
10, characterized in that the sub-stage of verification
that a given section complies consists in verifying
that no instruction of that section, except possibly
for the last instruction, is an instruction that is
critical for security.

12. A method of making instructions of an
electronic portable object secure according to claim
11, characterized in that the sub-stage of verification
in the execution stage is verification of the signature
σ taking place prior to execution of the final
instruction of each section.

13. A method of making instructions of an
electronic portable object secure according to claim
12, characterized in that the execution stage comprises
the following sub-stages:

b-1) the XμP requests a section from the XT;

b-2) for each non-final instruction of the
requested section, the XμP verifies whether said
instruction is critical, and, if it is, performs the
reaction phase, and, otherwise, executes said
instruction and goes to the next instruction;

b-3) for the final instruction of the requested
section:

b-31) the XμP requests a signature σ constructed
on the basis of the signatures σ_j generated during the
initialization stage and by means of the HASH_2 function,
and, in the event that said signature σ is not valid,
executes the reaction stage; and

b-32) the XμP executes the instruction;

b-4) the XμP then returns to the sub-stage b-1.

14. A method of making instructions of an
electronic portable object secure according to claim
11, characterized in that the sub-stage of verification
in the execution stage is verification of the signature
σ taking place prior to execution of the final
instruction of each section, if said instruction is an
instruction that is critical for security.

15. A method of making instructions of an
electronic portable object secure according to claim
14, characterized in that the execution stage comprises
the following sub-stages:

b-1) the XμP requests an instruction from the XT;

b-2) for each non-final instruction of the
requested section, the XμP verifies whether said
instruction is critical, in which case it performs the
reaction stage, and otherwise it executes said
instruction and goes on to the next instruction;

b-3) for the final instruction of the requested
section:

b-31) if the instruction is critical for
security, the XμP requests a signature σ constructed on
the basis of the signatures σ_j generated during the
initialization stage and by means of the HASH_2 function,
and, in the event that said signature σ is not valid,
executes the reaction stage; and

b-32) the XμP executes the instruction; and

b-4) the XμP then returns to the sub-stage b-1.

16. A method of making instructions of an
electronic portable object secure according to claim
11, characterized in that the sub-stage of verification
in the execution stage is verification of the signature
σ taking place prior to execution of the final
instruction of each section, if said instruction is an
instruction that is critical for security, and if at
least one of the items of data used by said instruction
is a secret item of data.

17. A method of making instructions of an
electronic portable object secure according to claim
16, characterized in that it uses a variable Φ defining
the set of security levels defined at a given instant
by execution of a given program, and in that the
execution stage comprises the following sub-stages:

b-1) the XμP requests an instruction from the XT;

b-2) for each non-final instruction of the
requested section, the XμP verifies whether said
instruction is critical, in which case it performs the
reaction stage, and otherwise it executes said
instruction and goes on to the next instruction;

b-3) for the final instruction of the requested
section:

b-31) if the instruction is critical for
security, and if at least one of the items of data used
by the instruction is secret, the XμP requests a
signature σ constructed on the basis of the signatures
σ_j generated during the initialization stage and by
means of the HASH_2 function, and, in the event that said
signature σ is not valid, executes the reaction stage;
and

b-32) the XμP executes the instruction;

b-33) the XμP updates the security level (secret
data or non-secret data) of each of the items of data
coming from the execution; and

b-4) the XμP then returns to the sub-stage b-1.

18. A method of making instructions of an
electronic portable object secure according to claim
16, characterized in that it uses a variable Φ defining
the set of security levels defined at a given instant
by execution of a given program, in that it uses an
Alert Boolean function and in that the execution stage
comprises the following sub-stages:

b-1) the XμP requests an instruction from the XT;

b-2) for each non-final instruction of the
requested section, the XμP verifies whether said
instruction is critical, in which case it performs the
reaction stage, and otherwise it executes said
instruction and goes on to the next instruction;

b-3) for the final instruction of the requested
section:

b-31) if the instruction is critical for
security, and if the Alert Boolean function determined
on the basis of the security level of the data used by
the instruction and by the nature of the instruction
itself is evaluated as being TRUE, the XμP requests a
signature σ constructed on the basis of the signatures
σ_j generated during the initialization stage and by
means of the HASH_2 function, and, in the event that said
signature σ is not valid, executes the reaction stage;
and

b-32) the XμP executes the instruction;

b-33) the XμP updates the security level (secret
data or non-secret data) of each of the data coming
from the execution; and

b-4) the XμP then returns to the sub-stage b-1.

19. A method of making instructions of an
electronic portable object secure according to any one
of claims 4 to 8, or 11 to 18, characterized in that at
least one of the following types of instruction are
critical for security:

- the test instructions and/or

- the instructions issuing information to the
outside via communications means and/or

- the instructions modifying the contents of the
non-volatile memory and/or

- the computation instructions presenting
special cases during execution of them, such as the
launch of exceptions.

20. A method of making instructions of an
electronic portable object secure according to claim 8,
or claim 18, characterized in that the Alert Boolean
function is evaluated as being TRUE for at least one of
the following types of instruction:

- the test instructions and/or

- the instructions issuing information to the
outside via communications means and/or

- the instructions modifying the contents of the
non-volatile memory and/or

- the computation instructions presenting
special cases during execution of them, such as the
launch of exceptions.

21. A method of making instructions of an
electronic portable object secure according to claim 8,
or claim 18, characterized in that the Alert Boolean
function is evaluated as being TRUE for at least one of
the following types of instruction, if at least one of
the input items of data is secret, and as being FALSE
if all of the items of data tested are public:

- the test instructions and/or

- the instructions issuing information to the
outside via communications means and/or

- the instructions modifying the contents of the
non-volatile memory and/or

- the computation instructions presenting
special cases during execution of them, such as the
launch of exceptions.

22. A method of making instructions of an
electronic portable object secure according to any one
of claims 7 or 8, or 17 or 18, characterized in that
the set of security levels Φ used during execution of a
program P is indicated by the value of a function φ,
such that, for any item of data u used by the program,
φ(u)=0 designates the fact that u is public and φ(u)=1
designates the fact that u is private, and such that,
for any item of data v resulting from execution of an
instruction of the program P, φ(v)=1 if at least one of
the items of input data of the instruction is private,
and, otherwise φ(v)=0.

23. A method of making instructions of an
electronic portable object secure according to claim
22, characterized in that the values of the function φ
are computed by means of hardware implementation of a
"Logic OR" function implemented on the values of the φ
function for the input data of the instructions.

24. A method of making instructions of an
electronic portable object secure according to any one
of claims 1 to 23, characterized in that the hash
functions HASH_1, HASH_2, and HASH_3 are identical.

25. An electronic object, characterized in that 
it implements any one of claims 1 to 24.
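
An added example, not part of the patent text, simulating the data-dependent verification of claims 6 to 8 and 21 to 23: the device propagates φ by a logical OR over each instruction's inputs and requests the signature σ only when Alert is TRUE. The HMAC-SHA256 form of σ_i, the hash chain standing in for the HASH_2 aggregation, the opcode names and the `run` helper are assumptions made for this example; the claims do not fix them.

```python
import hashlib
import hmac
import os

CRITICAL = {"out"}  # assumed opcode set; claim 19 lists the real categories

def mac(key, prog_id, i, ins):
    # sigma_i, assumed here to be HMAC-SHA256 over (ID, i, instruction)
    return hmac.new(key, repr((prog_id, i, ins)).encode(), hashlib.sha256).digest()

def fold(acc, sig):
    # assumed HASH_2 aggregation of the sigma_i into one signature sigma
    return hashlib.sha256(acc + sig).digest()

def alert(op, levels):
    # claim 21: TRUE only for a critical instruction with a secret input
    return op in CRITICAL and any(levels)

def run(program, regs, phi, swap=None):
    """Simulate device and terminal; swap=(i, ins) makes the terminal serve
    a different instruction i. Returns (outputs, verifications, reacted)."""
    regs, phi = dict(regs), dict(phi)
    key = os.urandom(32)                                   # ephemeral key K
    prog_id = hashlib.sha256(repr(program).encode()).hexdigest()
    sigmas = [mac(key, prog_id, i, ins) for i, ins in enumerate(program)]
    served = list(program)
    if swap:
        served[swap[0]] = swap[1]
    nu = sigma = b"\x00" * 32      # device-side / terminal-side accumulators
    outputs, checks = [], 0
    for i, ins in enumerate(served):
        op, dst, srcs = ins
        nu = fold(nu, mac(key, prog_id, i, ins))           # device recomputes
        sigma = fold(sigma, sigmas[i])                     # terminal folds
        levels = [phi[s] for s in srcs]
        if alert(op, levels):
            checks += 1
            if not hmac.compare_digest(nu, sigma):
                return outputs, checks, True               # reaction stage
        if op == "xor":
            regs[dst] = regs[srcs[0]] ^ regs[srcs[1]]
        elif op == "out":
            outputs.append(regs[srcs[0]])
        if dst is not None:
            phi[dst] = int(any(levels))                    # claims 22/23: OR
    return outputs, checks, False

# Constructed sample data: register k is secret, a and b are public.
REGS = {"k": 0x5A, "a": 0x0F, "b": 0x33}
PHI = {"k": 1, "a": 0, "b": 0}
PUBLIC_PROG = [("xor", "c", ("a", "b")), ("out", None, ("c",))]
SECRET_PROG = [("xor", "c", ("a", "k")), ("out", None, ("c",))]
```

Running `PUBLIC_PROG` requests no signature at all, while `SECRET_PROG` requests one before the output instruction, because the result register inherits φ=1 from `k`.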



